CVE-2020-29487

Name of the Vulnerable Software and Affected Versions Xen XAPI versions prior to 2020-12-15

Description An issue was discovered in Xen XAPI where certain xenstore keys provide feedback from the guest and are watched by toolstack, specifically by xenopsd. The watching logic in xenopsd sends one RPC update containing all data any time a single xenstore key is updated, resulting in O(N^2) time complexity. Furthermore, message-switch retains recent RPC messages for diagnostic purposes, yielding O(M*N) space complexity. A buggy or malicious guest can cause unreasonable memory usage in dom0, resulting in a host denial of service. The quantity of memory a single guest can monopolize is bounded by xenstored quota, which is fairly large, believed to be in excess of 1G per malicious guest.

Recommendations As a temporary workaround, consider disabling the xenopsd watching logic until a patch is available. Restrict access to the xenstore keys to minimize the risk of exploitation. Avoid using the RPC update feature in xenopsd until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.